Former cyber security boss ‘believes a Russian group’ is behind the NHS ‘major IT incident’
A leading cyber security expert has warned Russia was behind this week’s hack of NHS services, which caused a “major IT incident”.
The former chief executive of the National Cyber Security Centre claimed Moscow may have been central to the attack but it’s “unlikely” they realise the damage they have done.
Asked on BBC Radio 4’s Today programme if it is known who attacked Synnovis, Ciaran Martin said: “Yes. We believe it is a Russian group of cyber criminals who call themselves Qilin.
“These criminal groups – there are quite a few of them – they operate freely from within Russia, they give themselves high-profile names, they’ve got websites on the so-called dark web, and this particular group has about a two-year history of attacking various organisations across the world.
“They’ve done automotive companies, they’ve attacked the Big Issue here in the UK, they’ve attacked Australian courts. They’re simply looking for money.”
He added: “There are two types of ransomware attack. One is when they steal a load of data and they try and extort you into paying so that isn’t released, but this case is different. It’s the more serious type of ransomware where the system just doesn’t work.
“So, if you’re working in healthcare in this trust, you’re just not getting those results so it’s actually seriously disruptive.
“This type of ransomware has affected healthcare all over the world.
“It’s particularly damaging in the United States, and where this type of cyber attack is different in terms of its impact from others, is that it does affect people’s healthcare. So it’s really one of the more serious that we’ve seen in this country.”
This comes after a major cyber attack on NHS hospitals in London caused a number of procedures to be cancelled or changed.
The “major IT incident”, which took place on Monday, hit King’s College Hospital, Guy’s and St Thomas’, including the Royal Brompton and the Evelina London Children’s Hospital, and primary care services.
According to letters sent to NHS staff, a number of procedures have been cancelled or redirected to other NHS providers, with blood transfusions said to have been especially impacted.
The cyber incident involved a pathology services provider and NHS partner Synnovis, a partnership between two London-based hospital Trusts and SYNLAB. A ransomware attack hit the system, affecting all Synnovis IT systems and disrupting connections to the main server for some departments.
With contribution from Press Association